Restricting access

We want to prevent people without an administrative login from accessing our site’s admin pages. It turns out that we can do it with very little code using the Rails callback facility.

Rails callbacks allow us to intercept calls to action methods, and add our own processing before they’re invoked, after they return, or both. In our case, we’ll use a before-action callback to intercept all calls to the actions in our admin controller. The interceptor can check session[:user_id] in line 9. If it’s set and if it corresponds to a user in the database, the application knows an administrator is logged in and the call can proceed. If it’s not set, the interceptor can issue a redirect. In this ...

Getting Started

Instant Gratification

The Architecture of Rails Application

Introduction to Ruby

The Depot Application

Creating the Application

Validation and Unit Testing

Catalog Display

Cart Creation

A Smarter Cart

Adding a Dash of Ajax

Check Out

Entering Additional Payment Details

Sending Emails and Processing Payments Efficiently

Logging In

Internationalization

Receive Emails and Respond with Rich Text

Finding Your Ways Around Rails

Active Record

Action Dispatch and Action Controller

Action View

Migrations

Customizing and Extending Rails

Conclusion

Appendix

Limiting Access

Restricting access